Hackers: should we condemn or embrace them?

Well if companies took their responsibilty to data security seriously, no one would be tempted to hack as they’d be getting nowhere fast. Unfortunately most companies are run by muppets who don’t understand the problem ( and won’t listen to theose they’ve employed that do ) and only see it as an expenditure that can be cost cut. Especially as it doesnt generate revenue.

First a lot of Hackers are Computer nerds and look on hacking as an intellectual exercise to see if they can penetrate the security.

I will never use social networks because I think they are far too slack and open.

Nor will I ever answer any personal questions on-line by phone or email unless I instigate the call first. It cannot completely eliminate hacking but does go a long way to stop it.

Hacking covers a lot of different things. On one hand it’s breaking into security systems for financial gain, but there are many things that I use today that have been enabled by hackers. For example, dvd ripping software (which still seems a bit grey in terms of legality), my jailbroken iphone that allows me to use my work sim card in my iphone. Jailbreaking the iphone, incidentally, is what spurred Apple to allow third party apps, and provided them inspiration to create the App Store. There are many other ‘hacks’ that break in built security in the devices we use at home to allow us to use them in ways not intended by the manufacturer. The hacks use the same techniques that hackers of banking systems use. Another example is XBMC which originally was a a way of turning an xbox (original) into a media center that plugs into your tv. People still use it today.

And then there are politcally motivated hackers – those who see government or corporate corruption and are otherwise helpless to expose this corruption. Would you also condemn the hacker who has gone on to shine a light on this corruption?

Here’s an obvious example of that [1] – HBGary was hacked, and it was revealed that they had a secret plan to criminally discredit a legitimate Salon journalist named Glenn Greenwald.

There’s also the wikileaks data dumps of US-government mass killings of civilians in Iraq and elsewhere. Without these hackers, we’d still be in the dark!

[1] http://www.techdirt.com/articles/20110209/22340513034/leaked-hbgary-documents-show-plan-to-spread-wikileaks-propaganda-bofa-attack-glenn-greenwald.shtml

Hackers should be given jobs and lots of praise.

They highlight all the issues that the companies have neglected due to budgetary issues, and these are security/testing issues, things that companies ALWAYS scrimp on when budget is tight.

… Hacking for financial gain is wrong. It’s a crime and the authorities should fight it. …

Regardless of how Which? researchers choose to define it, pretty well any of the activities described under the hacking banner is a criminal act, irrespective of financial motive.

Please read the Computer Misuse Act 1990, a law which came about precisely because earlier attempted convictions under the Forgery and Counterfeiting Act failed. (Signing onto a computer system with false credentials is an act of forgery, but without a financial motive these ancient laws were ineffective in dealing with computer attacks.)

Where even so-called “ethical” hackers go wrong is in i) knowingly attempting to circumvent security controls and then ii) leaving traces of their activity or acting on information they are not entitled to access, just to prove they’ve been there so they can revel in their success.

It’s rather like suggesting joy riders carry out a public service by demonstrating how easy it is to break into cars and thrash them around the streets for a few hours, thus leading to improvements in vehicle security and saving us all from having our cars stolen by nasty professional gangs of thieves.

Apart from the criminal nature of what most hackers do, you seem to have overlooked that we are all paying a daily price for their unauthorized and unelected activities, whether we want to not. I’ll have to assume Which? run anti-virus software on their PC systems and firewalls on their networks, but the rest of us certainly do. How much does that cost each and every one of us who uses a computer? Ever noticed how sluggish your PC is to boot up with anti-virus software running? What does that equate to in lost productivity?

… However, I don’t think hackers are all bad …

Agreed, but almost by definition, the only ethical hackers are the ones you’ve never heard of, because they don’t talk about their work or share information with others. Firstly, they do not actively and knowingly attempt to breach the security of systems they are not authorized to access, but when they think they’ve found a loophole, they report it to the responsible body concerned.

Only when that organization fails to take action in a reasonable time frame, should the information then be made public – and after balancing that decision against the risk of alerting those with criminal intent of an opportunity waiting to be tapped. Were Sony given due warning?

I do think that hackers are criminals. While companies improving the security around their systems and the data that they hold is further progress towards the ‘cure’ aspects of hacking, I think that this needs to go hand-in-hand with making the ‘prevention’ more effective i.e. identify penalties that will actually deter hacking.
As a first step towards identifying more effective penalties could be market research – actually asking hackers want matters them to most and what would deter them. Then put penalties in place that hits them ‘where it hurts’.
At the present time, it almost seems that people’s response to hacking, including the Government’s and judicial system, is one of awe and admiration. It almost seems to be, for instance, a response along the lines of ‘Did you steal this little old lady’s life savings by yourself? Aren’t you clever! We must make you a Director of IT Security in some multinational company.’
Talking of hackers, I think it’s deplorable that Julian Assange is still in Ecuador’s UK Embassy and that he has refused to meet with Swedish investigators concerning those two sexual accusations against him. He was originally detained by UK authorities, who were acting on an Interpol Red Notice, which has the weight of an international arrest warrant. Interpol would only have issued one in response to either an arrest warrant being issued or court decision being made in Sweden, to say that there were cases for Assange to answer.
After the UN committee chose to look into Assange’s situation and their findings were reported in our media, I felt like standing outside the Ecuadoran Embassy, holding up two placards: one saying ‘JULIAN, STOP DETAINING YOURSELF ARBITRARILY!’ and ‘JULIAN, LET YOURSELF GO!’.
I hope we still have police stationed outside the embassy so, should Assange just do the equivalent of ‘popping to the corner shop for a packet of fags’, he can be arrested and put on a plane to Sweden!